Search CVE reports


1 – 3 of 3 results


CVE-2022-1537

Medium priority

Some fixes available 3 of 4

file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary file writes which can lead to...

1 affected package

grunt

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| grunt | Not affected | Fixed | Fixed | Fixed |

CVE-2022-0436

High priority

Some fixes available 3 of 4

Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2.

1 affected package

grunt

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| grunt | Not affected | Fixed | Fixed | Fixed |

CVE-2020-7729

Medium priority

Some fixes available 2 of 3

The package grunt before 1.3.0 is vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML.

1 affected package

grunt

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| grunt | Not affected | Not affected | Fixed | Fixed |